What’s All the Hype with GDPR?
There has been a lot of buzz around another acronym, GDPR, otherwise known as the General Data Protection Regulation. (Why is it that people love to create acronyms in order to make something appear really complicated?) If your business is based in the European Union (EU), or you process the personal data of people located in the EU, the GDPR affects you.
Simply stated, GDPR is a new regulation to protect the information and personal data of individuals within the European Union (EU). Because this new regulation will take effect on May 25th, 2018, you may be receiving a lot of emails from sites that you have provided your email address to, informing you of their updated Privacy and Cookie policies. You may have even received an email from Google regarding your Google Analytics account that looks like this:
If you have Google Analytics, all you need to do here is review your settings and choose how long Google will hold on to the data you have collected.
You can choose how long Analytics retains data before automatically deleting it:
Do not automatically expire
When data reaches the end of the retention period, it is deleted automatically on a monthly basis.
What is changing with GDPR?
Several things are being updated with GDPR, but one of the most important is that businesses must be more transparent about how they are using your personal information.
Your customer must have easy access to their personal data. Basically, you must be ready to make their personal information readily available and easy to access.
Your customer has the right to switch service providers with ease. If your business has to share data across organizations or your customers have the option to switch between services, you must ensure that they can do that smoothly and securely.
Your customers must give clear consent to the processing of their personal data. Basically, you need to aim for explicit consent by your customers.
Your customer has the right to object to the use of their data for the purposes of ‘profiling.’ This requires increased transparency.
So... what does all this really mean, and do I have to do anything?
Here are a couple of great legal resources where you can get more information:
Send an email to your current lead list asking them to opt in again, with a reminder to review your privacy notices, terms and conditions, and cookie policies.
Send an email to your current lead list informing them of your commitment to protecting and safeguarding personal data. Be sure to include a statement of acknowledgment, basically letting them know that by continuing to use your website, they accept your updated policies and notices.
As always, if you have any questions or comments, please write them below. Specifically, I want to know how you handled the new GDPR.